package com.patterns.design.security.web.security;

import java.io.IOException;
import java.util.Date;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;
import org.owasp.esapi.Validator;



public class SecurityFilter implements Filter {
	
	protected static final Log logger = LogFactory.getLog(SecurityFilter.class);
	
	private Encoder encoder;
	private Validator validator;
	
    public void doFilter(ServletRequest req, ServletResponse res,
            FilterChain chain) throws IOException, ServletException {
        logger.info("Before request processing..." );
    	
        HttpServletRequest request = (HttpServletRequest) req;
 
        //Get the IP address of client machine.
        String ipAddress = request.getRemoteAddr();
        String uri = request.getRequestURI();
        String sanitizeNoJavascript=request.getParameter("sanitizeNoJavascript");
        String encodeForHtmlInFilter=request.getParameter("encodeForHtmlInFilter");
        String validateForHtml=request.getParameter("validateForHtml");
        String validateBaseOnSufixInFilter=request.getParameter("validateBaseOnSufixInFilter");
        
        boolean sanitizeNoJavascriptFlag=false;
        boolean encodeForHtmlInFilterFlag=false;
        boolean validateForHtmlFlag=false;
        boolean validateBaseOnSufixInFilterFlag=false;
        if("on".equalsIgnoreCase(sanitizeNoJavascript)){
        	sanitizeNoJavascriptFlag=true;
        }
        if("on".equalsIgnoreCase(encodeForHtmlInFilter)){
        	encodeForHtmlInFilterFlag=true;
        }
        if("on".equalsIgnoreCase(validateForHtml)){
        	validateForHtmlFlag=true;
        }
        if("on".equalsIgnoreCase(validateBaseOnSufixInFilter)){
        	validateBaseOnSufixInFilterFlag=true;
        }
        
        //Log the IP address and current timestamp.
        logger.info("URI:" +uri+" IP "+ipAddress + ", Time "+ new Date().toString());
 
        SecureRequestWrapper wrapper=new SecureRequestWrapper((HttpServletRequest) req, 
        													encoder, 
        													validator,
        													sanitizeNoJavascriptFlag,
        													encodeForHtmlInFilterFlag,
        													validateForHtmlFlag,
        													validateBaseOnSufixInFilterFlag);
        logger.info("Process request..." );
        chain.doFilter(wrapper, res);
        
        logger.info("After request processing..." );
    }
    
    public void init(FilterConfig config) throws ServletException {
		CustomEsapiConfiguration esapiConfig=new CustomEsapiConfiguration();
		ESAPI.override(esapiConfig);
        encoder= ESAPI.encoder();
        validator=ESAPI.validator();
    }

    public void destroy() {
        //add code to release any resource
    }
    
}